dissect.target.plugins.filesystem.unix.suid

Module Contents

Classes

SuidPlugin

Unix SUID binary plugin.

Attributes

dissect.target.plugins.filesystem.unix.suid.SuidRecord
class dissect.target.plugins.filesystem.unix.suid.SuidPlugin(target: dissect.target.Target)

Bases: dissect.target.plugin.Plugin

Unix SUID binary plugin.

check_compatible() None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

suid_binaries() Iterator[SuidRecord]

Return all SUID binaries.

A SUID binary allows all users to run it with the permissions of its owner. This means that a SUID binary owned by the root user can be run with root privileges by any user. Such binaries can be leveraged by an adversary to perform privilege escalation.

References